Preventing flow table overflow against denial of service attack in software defined network
Denial of service attacks can overflow the limited flow table space of a switch in a software defined network, causing failure to install flow table rules for normal network packets, packet forwarding delay, and packet loss. To address this, FloodMitigation was proposed to prevent flow table overflow ag...
Main Authors: | Dongbin WANG, Dongzhe WU, Hui ZHI, Kun GUO, Xu ZHANG, Jinqiao SHI, Yu ZHANG, Yueming LU |
---|---|
Format: | Article |
Language: | zho |
Published: | Editorial Department of Journal on Communications, 2023-02-01 |
Series: | Tongxin xuebao |
Subjects: | software defined network; denial of service attack; flow table overflow; path selection |
Online Access: | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2023036/ |
author | Dongbin WANG Dongzhe WU Hui ZHI Kun GUO Xu ZHANG Jinqiao SHI Yu ZHANG Yueming LU |
author_sort | Dongbin WANG |
collection | DOAJ |
description | Denial of service attacks can overflow the limited flow table space of a switch in a software defined network, causing failure to install flow table rules for normal network packets, packet forwarding delay, and packet loss. To address this, FloodMitigation was proposed to prevent flow table overflow against denial of service attacks in software defined networks. Rate-limited management of flow rule installation based on available flow table space was adopted to limit the maximum installation speed of flow rules and the amount of flow table space occupied by switch ports under denial-of-service attack, and so avoid flow table overflow. In addition, path selection based on available flow table space was adopted to balance flow table utilization of switches among multiple forwarding paths, to avoid denial of service attacks on switches with less available flow table space in the path. The experimental results demonstrate that FloodMitigation can effectively alleviate the harm of denial of service attacks in terms of preventing switch flow table overflow and packet loss, reducing resource consumption of controllers, and ensuring packet forwarding delay. |
format | Article |
id | doaj-art-eaf4a24b5a6941fb9d9e69d94b704e20 |
institution | Kabale University |
issn | 1000-436X |
language | zho |
publishDate | 2023-02-01 |
publisher | Editorial Department of Journal on Communications |
record_format | Article |
series | Tongxin xuebao |
title | Preventing flow table overflow against denial of service attack in software defined network |
topic | software defined network; denial of service attack; flow table overflow; path selection |
url | http://www.joconline.com.cn/zh/article/doi/10.11959/j.issn.1000-436x.2023036/ |